Database

How to Secure Your PostgreSQL Database – 5 Tips

Photo by Caspar Camille Rubin on Unsplash

PostgreSQL may be the world’s most advanced open source database, but its 82 documented security vulnerabilities per the CVE database also make it highly exploitable. The popular object-relational database is considered superior to others regarding out-of-the-box security. However, proper measures are still required to protect web applications and underlying data. The following are 5 common ways to secure your PostgreSQL implementation from cyber attacks.

1. Do Not Use Trust Security.

When using Trust security, PostgreSQL assumes that anyone connected to the server is authorized to access the database with the database username specified (i.e., the DB trusts that they are who they say they are). To lock this down, edit your pg_hba.conf to use a non-trust authentication method like MD5. Additionally, template1 and PostgreSQL default databases should be revoked remote login access.

2. Use Hash-Based Column encryption for values that don’t need to be decrypted

Encryption methods such as AES are two-way—they can be decrypted—while hash-based encryption methods such as MD5 are one-way. For values that only need to be checked for a match, such as passwords, use one-way encryption for an added layer of security if table data is compromised.

3. Use Physical Separation to Isolate Datasets that Need to be Kept Apart

Using pg_hba and RBAC to control access to physically disparate databases ensures that data in two tables cannot be accessed/viewed simultaneously. Of course, this will break SQL joins, so only use in appropriate scenarios that require physical access separation during the life of a login session.

4. Consider Disabling Remote Access to PostgreSQL

This action alone eliminates a host of substantial attack vectors. Again, this can be set in the pg_hba.conf. If remote access to the database is required, SSH to the server housing the database and use a local connection afterward. Alternatively, you can set up tunnel access to PostgreSQL through SSH, effectively giving client machines access to remote databases as if they were local.9. Assign a Distinct Role for Each Application.

5. Use pg_hba.conf to Specify Which Hosts Can Use SSL-Encrypted and Unencrypted Connections

This can be accomplished by adding and removing the appropriate entries in the pg_hba.conf file. Generally speaking, all clients should be forced to connect with SSL by adding the necessary hostel entries. Using this model, all host entries should be removed (aside from localhost).

July 29, 2024 by Application Security 0

How to Improve MySQL Security: Top 10 Ways

Photo by Campaign Creators on Unsplash

In the pantheon of open source heavyweights, few technologies are as ubiquitous as the MySQL RDBMS. Integral to popular software packages like WordPress and server stacks like LAMP, MySQL is the foundational data platform for most websites and cloud services on the internet today. Unfortunately, its popularity translates to more commonly known attack vectors and security exploits — the following are 11 ways to shore up MySQL security and protect your data more effectively.

10 Ways to Improve MySQL Security

1. Drop the Test Database

The test database installed by the MySQL Server package as part of the mysql_install_db process can be fully accessed by all users by default, making it a common target for attackers. It should therefore be removed during post-installation hardening.

2. Remove All Anonymous Accounts

MySQL, by default, creates several anonymous users that essentially serve no purpose after installation. These accounts should therefore be removed, as their presence on the system gives attackers an entry point in the database.

3. Obfuscate the Root Account

Changing the MySQL root user account to a hard-to-guess name adds another layer of security, as attackers must determine the new account name before attempting to brute force the password values.

4. Disable Remote Logins

If local applications only use the MySQL database, remote access to the server should be disabled. This is done by opening up the /etc/my.cnf file and adding a skip-networking entry under the [mysqld] section. Configuring MySQL to stop listening on all TCP/IP ports, including 127.0.0.1, will effectively restrict database access to local, MySQL socket-based communications.

5. Change Default Port Mappings

MySQL, by default, runs on port 3306. This should be changed after installation to obfuscate what critical services are running on which ports, as attackers will initially attempt to exploit default values.

6. Remove and Disable the MySQL History File

Like the Test database, the MySQL history file located at ~/.mysql_history is created by default during installation. This file should be deleted, as it contains historical details regarding installation and configuration steps performed. This could potentially result in the accidental exposure of passwords for critical database users. A weak link for the .mysql_history file to the null device should be created to stop logging into the file.

7. Do Not Run MySQL With Root Level Privileges

MySQL should be run under a specific, newly-created user account with the necessary permissions to run the service instead of directly as the root user. This adds some auditing and logging benefits while preventing attackers from gaining access by hijacking the root user account.

8. Alter Which Hosts Have Access to MySQL

If set up as a standalone server (i.e., application and web servers query the database from another server), the MySQL instance should be configured only to allow access to permitted hosts. This can be accomplished by making the appropriate changes in the hosts. deny and hosts.allow files.

9. Limit or Disable SHOW DATABASES

Again, stripping remote attackers of their information gathering capabilities is critical to a secure security posture. For this reason, the SHOW DATABASES command should be limited or removed entirely by adding skip-show-database to the [mysqld] section of the MySQL configuration file at /etc/my.cnf.

10. Disable the Use of LOAD DATA LOCAL INFILE Command

The LOAD DATA LOCAL INFILE command allows users to read local files and even access other files on the operating system, which could be exploited by attackers using methods such as SQL injection. The command should therefore be disabled by inserting set-variable=local-infile=0 to the [mysqld] section of my.cnf.

February 28, 2022 by Software 0

Recent Comments

No comments to show.